Cyberattack hits Omni Hotels systems, taking out bookings, payments, door locks
As WhatsApp, Facebook Messenger, other Meta bits plus Apple stuff fall offline today
Updated Omni Hotels & Resorts' computer systems have been offline since Friday due to what the American luxury hospitality chain called a "disruption."
Latest: We now know that a cyberattack forced the Texas-based corporation to take parts of its IT environment down, as we've reported in an update below. What follows is our article as published.
On April 1, Omni, which owns more than 50 properties across the US and Canada, confirmed it was suffering an outage via social media:
Dear valued guests, our technology teams are continuing to work on restoring our systems that are currently down. Your business is very important to us; we appreciate your patience and apologize for the disruption. Please check back here for updates.
Neither Omni nor TRT Holdings, which owns the hotel chain, could answer The Register's specific inquiries about the IT breakdown, including whether it was due to a ransomware infection and when it anticipated restoring normal operations.
As of Wednesday, the corporation's phone systems weren't working, and a pre-recorded message tells callers: "We are currently experiencing technical difficulties."
Reportedly the chain-wide outage began on Friday and shut down reservation, hotel room door lock, and point-of-sale (POS) systems.
Don't worry: Bar still open!
On Reddit, guests at locations across the country confirmed systems were broken, noted that the bar was still open (at least in the Washington DC location) — and reminded folks to be courteous to hotel staff, who were roundly praised for their grace in what was sure to be a rough Easter weekend.
"Checking in on paper, no card machines work, even room keys do not work," said one hotel guest who was staying at the Louisville Omni. "Everyone has to be escorted to their room by an employee and the phones and Wi-Fi are down."
Another guest said getting into your room required texting the hotel staff to unlock the door, which took 30 minutes or more.
One Reddit user, who claimed to be a "low-level" Omni employee, said their hotel was only accepting reservations made prior to the outage. The whole situation is "a mess for every party involved. It has been a very stressful work weekend," the netizen vented on the forum.
"We all feel terrible for the inconvenience for all the guests and the stress of not knowing if we'll be able to earn an income during the downed server. For all of you staying at properties, and have chosen to stay, thank you – Omni will surely lose millions over this attack and lose loyal customers. I promise my property will do anything we can to make this inconvenience as smooth as possible."
- Omni-shambles! Card-stealing malware checks into US hotel chain
- A tale of 2 casino ransomware attacks: One paid out, one did not
- Pandabuy confirms crooks nabbed data on 1.3M punters
- AT&T admits massive 70M+ mid-March customer data dump is real though old
While neither the resort chain nor its parent company have indicated that cybercriminals are responsible for the downed IT systems, the outage does draw many parallels to the MGM Resorts ransomware infection in September.
Scattered Spider, the crime gang believed to be responsible for both the MGM and Caesars Entertainment digital intrusions, reportedly bragged that all it took to break into MGM's networks was a 10-minute call hoodwinking a help desk.
MGM famously did not pay the ransom demand, then suffered nearly a week of outages, operational disruptions, and the wrath of angry customers. It later said the incident cost it about $100 million in losses, plus its stolen data was reportedly leaked not long after. ®
Updated to add at 2200 UTC
Omni has admitted what many suspected: The hotel chain's computer woes are due to an attack on its IT environment, and we're told services are being restored.
"Since Friday, March 29, Omni Hotels & Resorts has been responding to a cyberattack on its systems," the biz said in a statement.
"Upon learning of this issue, Omni immediately took steps to shut down its systems to protect and contain its data. As a result, certain systems were brought offline, most of which have been restored.
"As our team works diligently to restore the remainder of the systems to full functionality, we continue to welcome our guests and accept new reservations. We apologize for the disruption and inconvenience this cyberattack is causing."
A security firm has been brought in to investigate what, if any, data was lost or stolen, and the true extent of the attack.
Speaking of outages... Now Meta and Apple
If you're having problems using WhatsApp, Facebook Messenger, Instagram, and Meta's ad tools right now or earlier today, it's not you – they are or were down around the world, too.
"We are currently experiencing an outage impacting service on Messenger Platform," the social network giant said in a status update today. "This issue started at 04-03-2024 at 1110 AM PST. Our engineering teams are investigating the issue."
The Ads Transparency suite is also knackered, as is the WhatsApp Business Cloud API and the main mobile chat app, with messages being undelivered for users.
"We are aware that some advertisers may be having trouble creating or editing their ads in Ads Manager," Meta added (no pun intended). "Our engineering teams are aware and are actively looking to resolve the issue as quickly as possible."
That said, some netizens say services are coming back online and working again from being unavailable, so your mileage may vary.
Also, Apple suffered downtime today, with the iOS and macOS App Stores, Apple Music, Apple TV channels, and other services, experiencing an hour-plus outage from 1513 to 1635 PT.